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EXAMINER'S AMENDMENT 

1 . An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with James Retter on August 17, 2007. 

In the claims : The claims are as follows: 

1 . (Currently amended) A system, comprising: 

a) a knowledge base, for maintaining a generic risk record including a plurality of 

fields at least some of which have subjective or quantitative values for risk, with the 
subjective values synchronized to numerical values, and at least some of which have 
been determined as an average of corresponding subjective or quantitative risk values 
in completed projects or processes; 

b) a data store of profiles, for maintaining a profile risk record associated with a 
particular profile for a particular project or process, and including the same plurality of 
fields as the generic risk record, the profile risk record for use in providing a risk 
assessment in the associated profile for the particular project or process; and 

c) a risk processor, for updating at least one of the subjective or quantitative 
values of the generic risk record based on a corresponding field value in the profile risk 
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record in the data store of profiles, by averaging into the at least one value of the 
generic risk record the corresponding field value in the profile risk record; 

whereby at least some of the subjective or quantitative values of the generic risk 
record are refined over time based on values of the corresponding fields of the profile 
risk record for the particular project or process; 

wherein some of the subjective or quantitative values are values of measuring 

fields input by the user, and others are values of calculated fields calculated by the 
system, and the system allows different modes of analysis in which the fields that are 
the measuring fields differ: 
wherein the modes of analysis include: 

a residual assessment mode, in which a user selects inherent values of likelihood 

and conseguence for a risk, and a value, for each control for the risk, for effectiveness 
in either preventing the risk or reducing the conseguence of the risk, and the system 
then calculates residual levels of likelihood, conseguence and risk rating for the risk: 

an inherent assessment mode, in which a user selects residual values of - 

likelihood and conseguence for a risk, and a value, for each control for the risk, for 
effectiveness in either preventing the risk or in reducing the conseguence of the risk, 
and the system then calculates the inherent levels of likelihood, conseguence and risk 
rating for the risk: and 

a controls self-assessment mode, in which a user selects inherent values of 
likelihood and conseguence for a risk, as well as residual values of likelihood and 
conseguence for the risk, and the system then calculates the effectiveness of 
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predetermined controls needed to either prevent the risk or to reduce the consequence 
of the risk . 

2-3. Canceled. 

4. (Previously presented) The system of claim 1 , wherein the system can be used in 
different modes of use, and further wherein only some of the fields of the generic risk 
record or the profile risk record are required to be used in a risk management analysis, 
and which of the fields are required depends on the mode of use. 

5. (Previously presented) The system of claim 4, wherein both the generic risk record 
and the profile risk record each comprise: 

a) a risk component, for indicating a risk, for indicating an inherent risk rating, 
and also for indicating a residual risk rating; 

b) a cause component, for indicating the cause of the risk; 

c) a consequence component, for indicating a particular consequence of the risk 
and an inherent and a residual cost of the particular consequence; and 

d) a control component, for indicating a control, for indicating whether the control 
is corrective or preventive, and for indicating the effectiveness of the control. 

6. (Previously presented) The system of claim 5, wherein in one mode of use an 
inherent risk impact cost is aggregated over the inherent cost of each consequence of 
the risk. 



Application/Control Number: 09/774,538 Page 5 

Art Unit: 3623 

7. (Previously presented) The system of claim 5, wherein in one mode of use the 
residual likelihood is an aggregate calculation based on the effectiveness of each 
preventive control acting on an inherent likelihood. 

8. (Previously presented) The system of claim 5, wherein in one mode of use a residual 
risk impact cost is aggregated over the residual cost of each consequence of the risk. 

9. (Original) The system of claim 1 , further comprising a scripting facility for enabling a 
user to create a script directing how a risk management process is to be performed, the 
script indicating steps that can be used in performing risk analysis in any profile. 

1 0. (Previously presented) The system of claim 1 , further wherein the risk processor 
also uses the generic risk record to provide initial values for the profile risk record, 
whereby the profile risk record has initial values based on experience gained over time. 

1 1 . (Currently amended) A method, comprising: 

a) a step of maintaining in a knowledge base a generic risk record including a 
plurality of fields at least some of which have subjective or quantitative values for risk, 
with the subjective values synchronized to numerical values, and at least some of which 
have been determined as an average of corresponding subjective or quantitative risk 
values in completed projects or processes; 

b) a step of maintaining in a data store of profiles a profile risk record associated 
with a particular profile for a particular project or process, and including the same 
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plurality of fields as the generic risk record, the profile risk record for use in providing a 
risk assessment in the associated profile for the particular project or process; and 

c) a step of updating at least one of the subjective or quantitative values of the 
generic risk record based on a corresponding field value in the profile risk record in the 
data store of profiles, by averaging into the at least one value of the generic risk record 
the corresponding field value in the profile risk record; 

whereby at least some of the subjective or quantitative values of the generic risk 
record are refined overtime based on values of the corresponding fields of the profile 
risk record for the particular project or process; 

wherein some of the subjective or quantitative values are values of measuring 

fields input by the user, and others are values of calculated fields calculated by the 
system, and the method allows different modes of analysis in which the fields that are 
the measuring fields differ: 
wherein the modes of analysis include: 

a residual assessment mode, in which a user selects inherent values of likelihood 

and conseguence for a risk, and a value, for each control for the risk, for effectiveness 
in either preventing the risk or reducing the conseguence of the risk, and the method 
then calculates residual levels of likelihood, conseguence and risk rating for the risk: 

an inherent assessment mode, in which a user selects residual values of 

likelihood and conseguence for a risk, and a value, for each control for the risk, for 
effectiveness in either preventing the risk or in reducing the conseguence of the risk. 
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and the method then calculates the inherent levels of likelihood, consequence and risk 
rating for the risk; and 

a controls self-assessment mode, in which a user selects inherent values 

of likelihood and consequence for a risk, as well as residual values of likelihood and 
consequence for the risk, and the method then calculates the effectiveness of 
predetermined controls needed to either prevent the risk or to reduce the consequence 
of the risk . 

12-13. Canceled. 

14. (Previously presented) The method of claim 1 1 , wherein the method can be used in 
different modes of use, and further wherein only some of the fields of the generic risk 
record or the profile risk record are required to be used in a risk management analysis, 
and which of the fields are required depends on the mode of use. 

15. (Previously presented) The method of claim 14, wherein both the generic risk 
record and the profile risk record each comprise: 

a) a risk component, for indicating a risk, for indicating an inherent risk rating, 
and also for indicating a residual risk rating; 

b) a cause component, for indicating the cause of the risk; 

c) a consequence component, for indicating a particular consequence of the risk 
and an inherent and a residual cost of the particular consequence; and 
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d) a control component, for indicating a control, for indicating whether the control is 
corrective or preventive, and for indicating the effectiveness of the control. 

16. (Previously presented) The method of claim 15, wherein in one mode of use an 
inherent risk impact cost is aggregated over the inherent cost of each consequence of 
the risk. 

17. (Previously presented) The method of claim 15, wherein in one mode of use the 
residual likelihood is an aggregate calculation based on the effectiveness of each 
preventive control acting on an inherent likelihood. 

18. (Previously presented) The method of claim 15, wherein in one mode of use a 
residual risk impact cost is aggregated over the residual cost of each consequence of 
the risk. 

1 9. (Previously presented) The method of claim 1 1 , further comprising a step of using a 
scripting facility to enable a user to create a script directing how a risk management 
process is to be performed, the script indicating steps that can be used in performing 
risk analysis in any profile. 



20. (Previously presented) The method of claim 1 1 , further wherein the risk processor 

also uses the generic risk record to provide initial values for the profile risk record, 
whereby the profile risk record has initial values based on experience gained over time. 
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Allowable Subject Matter 

2. Claims 1,4-11, and 14-20 are allowed. 

3. The following is an examiner's statement of reasons for allowance: 

The cited prior art, taken alone or in combination, fails to teach the claimed 
invention as set forth in claims 1,4-11 and 14-20. 

As presented in amended claim 1, the claimed invention teaches a system 
comprising: 

a) a knowledge base, for maintaining a generic risk record including a plurality of 
fields at least some of which have subjective or quantitative values for risk, with the 
subjective values synchronized to numerical values, and at least some of which have 
been determined as an average of corresponding subjective or quantitative risk values 
in completed projects or processes; 

b) a data store of profiles, for maintaining a profile risk record associated with a 
particular profile for a particular project or process, and including the same plurality of 
fields as the generic risk record, the profile risk record for use in providing a risk 
assessment in the associated profile for the particular project or process; and 

c) a risk processor, for updating at least one of the subjective or quantitative 
values of the generic risk record based on a corresponding field value in the profile risk 
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record in the data store of profiles, by averaging into the at least one value of the 
generic risk record the corresponding field value in the profile risk record; 

whereby at least some of the subjective or quantitative values of the generic risk 
record are refined over time based on values of the corresponding fields of the profile 
risk record for the particular project or process; 

wherein some of the subjective or quantitative values are values of measuring 
fields input by the user, and others are values of calculated fields calculated by the 
system, and the system allows different modes of analysis in which the fields that are 
the measuring fields differ; 

wherein the modes of analysis include: 

a residual assessment mode, in which a user selects inherent values of likelihood 
and consequence for a risk, and a value, for each control for the risk, for effectiveness 
in either preventing the risk or reducing the consequence of the risk, and the system 
then calculates residual levels of likelihood, consequence and risk rating for the risk; 

an inherent assessment mode, in which a user selects residual values of 
likelihood and consequence for a risk, and a value, for each control for the risk, for 
effectiveness in either preventing the risk or in reducing the consequence of the risk, 
and the system then calculates the inherent levels of likelihood, consequence and risk 
rating for the risk; and 

a controls self-assessment mode, in which a user selects inherent values of 
likelihood and consequence for a risk, as well as residual values of likelihood and 
consequence for the risk, and the system then calculates the effectiveness of 
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predetermined controls needed to either prevent the risk or to reduce the consequence 
of the risk. 

The closest prior art on record, Mulholland, does not explicitly teach a residual 
assessment mode, an inherent assessment mode, or a controls self-assessment mode, 
or the step of averaging into at least one value of a generic risk record the 
corresponding field value in the profile risk record. Specifically, Mulholland does not 
teach the step of allowing a user to select inherent or residual values of likelihood and 
consequence for a risk, and a value, for each control for the risk, for effectiveness in 
either preventing the risk or reducing the consequence of the risk, and the system then 
calculates inherent or residual levels (respectively) of likelihood, consequence and risk 
rating for the risk. Mulholland also does not explicitly teach a controls self-assessment 
mode, in which a user selects inherent values of likelihood and consequence for a risk, 
as well as residual values of likelihood and consequence for the risk, and the system 
then calculates the effectiveness of predetermined controls needed to either prevent the 
risk or to reduce the consequence of the risk. While Mulholland teaches the step of 
refining some of the subjective or quantitative values of the generic risk record based on 
values observed for a particular project or process, Mulholland does not explicitly teach 
the step of averaging observed values into the corresponding field value of the generic 
risk record to provide a new baseline value in a generic risk record template. 
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Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Deo (WO 00/541 86A1) teaches a system and method for risk assessment and 
management. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Choi whose telephone number is (571) 272 6971. . 
The examiner can normally be reached on M-F 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tariq Hafiz can be reached on (571) 272-6729. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




August 17, 2007 
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